1. Field of the Invention
The present invention generally relates to a method of physical chip identification to be used in chip-to-chip communication and network.
2. Description of the Related Art
The progress of information and communication industry has been rapid since the beginning of the 21st century. More recently, the vast market is being made. Everything, such as home electronic appliances, houses, and cars besides information terminals, is connected to network. That is, Internet of Things (IoT) does not belong to any existing market. As for the internet of everything (IoE) which may be an advanced version of IoT, the social structure itself is on the verge of being changed.
By means of technology, IoT can be regarded as a communication technology among semiconductor chips that are the smallest elements (nodes). However, the number of nodes is more than a couple of trillions to several ten trillions (Trillion Nodes), which makes IoT differ from the existing network technology. Regarding the world population as seven billion, there are several hundreds to a thousand chips per person in average. Those chips store not only personal information but also systems to control appliances around the person. It may be practically impossible for all persons to finely-appropriately manage those chips. Moreover, the computer resource is insufficient to manage the several trillion chips, even while trained experts manage the network. Even granted that such a management system may be developed in the future, it may be a difficult problem who should operate that management system responsibly. It may not be preferable that a private company carries on the management of the entire chip all over the world. It may be undesirable and unrealistic that the task of management is handled by artificial intelligent which is smarter than a human being.
Which kind of problem may occur if nothing is able to control such a huge network? It may be understandable if we suppose that auto-driving cars having a large capacity Li-ion battery are hacked. Plenty of auto-driving cars under remote-control move unmanned to the attacking target (shopping centers, large underground car parks, terminal stations . . .). A huge amount of the Li-ion battery is collected at the attacking target, while the power control systems of the Li-ion battery are hijacked. It might become possible to trigger off a big explosion of the Li-ion battery owing to the malfunction on purpose. A big explosion might occur in the car park of a shopping center suddenly. Alternately, the traffic control system of the high speed railway would be hijacked, and, then, frontal impacts might occur. Likewise, the control systems of nuclear reactors or the air traffic might be hijacked. We are in the opposite side of the same coin with those risks.
It would be too hasty to conclude that the networks of such important facilities are safe, because they are protected by very powerful firewalls (or isolated physically). In reality, Iran's nuclear facility was attacked by malware called STUXNET and then suffered serious damages. (For example, Non-Patent Literature 1: http://www.nikkei.com/article/DGXNASFK2602G_W2A221C1000000/).
It is known that there are many potential infection routes of STUXNET, among which mobile terminals or USB data travelers are most promising. STUXNET may wait, for several months, for the opportunity to invade the targeted system, once it is released in the internet. Even while the targeted system is protected by a very powerful firewall, STUXNET may invade into USB data travelers or mobile terminals and then wait until those USB data travelers or mobile terminals are connected to the targeted system inside the firewall. After connected, STUXNET opens the backdoor, hijacks the PLC (programmable logic controller), and then begins with the remote-control. Thus, one thousand or more centrifuges in Iran's nuclear facility were rapidly accelerated, rapidly decelerated repeatedly, and then were destroyed. If the system is physically isolated, then STUXNET itself may destroy the centrifuges.
Although those centrifuges are disconnected from the outside network, it was necessary to periodically connect to mobile terminals that the maker of those centrifuges carries for maintenance. If they were connected to the outside network, then such an operation would not be necessary. In addition, STUXNET will do nothing but lurk anywhere that is not the attacking target. Therefore, it is hard for any anti-virus to detect STUXNET.
It might be supposed that the STUXNET attack on Iran's nuclear facility retards the nuclear development of Iran to avoid the air raid of Israel on Iran. Once the way of STUXNET attack is found, it might be regarded that the countermeasure to the STUXNET attack is possible. However, the state of feeling terror is that the code of STUXNET was stolen by hackers and then flowed out. In 2014, a new type of computer virus, which has a similar property to STUXNET, is reported. (For example, Non-Patent Literature 2: http://www.nikkei.com/article/DGXMZO79858560Y4A111C1000000/).
This malware, called BadUSB, hijacks the firmware to control USB devices instead of PLC which is a control program of industrial equipment. The USB devices have identification because they are connected and then used. This identification is involved in the firmware. The firmware is a program saved in a chip and to control the chip. BadUSB steals the identification of USB devices and then does nothing on anything to which this USB device is connected. For example, BadUSB may not infect a personal computer but may hijack a mouse or keyboard connected to the personal computer for controlling the personal computer. Thus, a hacker on the other side of the globe may be able to remote-control other's computers. It should be noted that an anti-virus computer software protecting a personal computer cannot detect anything that BadUSB has done, because BadUSB does not infect the personal computer.
In IoT/IoE, the smallest element of communication (node) is a control chip of an appliance. The control software (firmware) is stored in the control chip. This firmware holds each identification code to authenticate each chip. The new attack to remote-control auto-driving cars, mentioned above, is analogical to the attack by BadUSB and
STUXNET, since they steal the identification code of the peripheral devices for the remote control.
It may be possible that a few hacker's group causes the synchronized terrorist attacks like September 11 in the future. It may be unable to prevent such a new thread with the conventional anti-terrorism policy and the existing cyber security technologies.
The mainstream of the cybersecurity technology is the central control by software. The recognition level of the security technology varies widely by persons. Thus, it may be impossible to make every end user appropriately carry on the professional management of the network. The security may be vulnerable unless a person appropriately manages the network, even while 999 persons appropriately manage it. It is accordingly preferable that the supervisors having been sufficiently trained may manage the security via the network using sufficiently reliable software. That is, the central control is the control via the network with software.
However, the number of nodes may be more than a trillion in the IoT/IoE business model, which may make the central control difficult. In addition, if the identification code of only a node is taken over, then the entire system (e.g., auto-driving cars, air-traffic control system and so forth) may be vulnerable. Since the network is controlled by software, the identification code is used to control the network. This is an essential limitation of the central control.
Due to the above considerations, the present invention is therefore to provide a local management of identification of nodes without software.